Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          u+Amlp9zva0NYLKXU8VCM2qpg0S6LZOx+TJTDvy7ORg=
Subject key identifier:   CC:A5:0C:9B:7D:6F:AB:92:07:95:B7:23:56:DA:52:41:58:10:9E:16
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       0198748755B5705B7D5F04E102C97310A9D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          04A4
Signing time:             Mon 04 Aug 2025 10:01:23 +0000
Manifest this update:     Mon 04 Aug 2025 10:01:23 +0000
Manifest next update:     Tue 05 Aug 2025 10:01:23 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: jmlBAIKu/Mro1kd8UWIvjW/1OiX2tVh4xIyRsgp4EpM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 10:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:87:55:b5:70:5b:7d:5f:04:e1:02:c9:73:10:a9:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: Aug  4 10:01:23 2025 GMT
            Not After : Aug  5 10:01:23 2025 GMT
        Subject: CN=cca50c9b7d6fab920795b72356da524158109e16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:63:b7:c0:5a:09:48:08:c4:34:b0:6d:1a:8b:
                    77:7f:24:93:76:d7:85:96:94:ec:fa:18:14:a7:55:
                    1a:20:0b:c3:e2:7a:5b:23:ee:14:06:42:dd:b2:dd:
                    f4:e4:36:cc:45:8a:68:ce:d4:79:a3:3e:2f:08:82:
                    54:76:36:e0:98:8c:4b:30:a2:62:a3:30:4e:fa:59:
                    fc:88:2b:ec:0d:fc:53:96:71:8c:b0:c8:59:6c:83:
                    47:34:01:be:a3:4c:d6:ba:bb:8a:a1:fb:c9:32:c4:
                    30:e2:c3:94:f7:a4:4c:b8:c0:cc:d9:5f:71:17:56:
                    32:6d:ab:00:e9:e4:5d:b4:80:36:40:d8:21:be:43:
                    62:a1:6c:96:7a:e3:cc:5c:03:02:46:04:fe:7b:4d:
                    3e:9c:44:6a:ce:9e:37:f5:4a:9c:3b:37:bd:5b:49:
                    8b:61:26:d1:8d:e3:42:d0:e4:9f:94:e3:54:d0:35:
                    0c:9f:25:b5:8a:d3:61:d4:f9:d3:e5:b9:b8:4c:5b:
                    89:7f:04:f8:bf:cc:7a:69:d9:63:d3:43:fd:43:0f:
                    74:5d:36:88:e7:4a:cf:dd:73:13:84:fc:1a:82:9e:
                    a9:3c:4d:73:ec:a9:b3:d3:6a:52:da:c8:e8:e6:42:
                    80:6d:8a:b0:62:1b:81:e4:51:1c:99:b8:6e:fe:28:
                    41:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:A5:0C:9B:7D:6F:AB:92:07:95:B7:23:56:DA:52:41:58:10:9E:16
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         ae:80:7a:6f:f0:24:5c:28:00:36:16:e6:2c:eb:a1:1e:6c:68:
         ed:41:a7:a9:1b:f9:93:f4:2c:5c:19:7b:3c:04:1f:06:df:6a:
         03:88:5f:02:55:34:d1:a0:05:bc:03:88:6e:d5:d8:86:3f:94:
         5e:8a:d8:27:4f:b4:12:ab:9e:41:a3:37:ea:0b:8f:f5:f9:36:
         56:97:6d:51:46:c8:3b:25:d1:db:81:db:d2:e1:98:79:33:67:
         57:79:1d:9f:91:88:0b:26:b4:7b:e3:db:9f:ce:ca:5e:29:fc:
         f7:71:74:f8:30:78:51:55:f5:0e:14:b8:e7:f8:38:7e:01:2f:
         48:69:fd:11:53:b8:51:ba:e5:83:1c:53:f2:bf:59:a4:0d:e5:
         bf:59:7b:ac:c0:bf:7c:2a:49:5b:d8:80:e0:6b:97:57:92:3f:
         e3:18:b2:63:7c:09:8a:75:07:79:2a:29:30:c2:a8:13:79:10:
         ec:c6:28:c1:a6:a2:06:b5:f7:91:17:bf:e8:6d:83:99:e7:86:
         96:4f:99:ae:48:1e:e6:6f:97:d2:c5:a3:88:5f:d6:78:80:ba:
         13:93:03:29:a1:35:ac:e8:98:34:cc:82:21:f5:c3:96:3d:4e:
         60:61:70:4e:47:c9:8e:db:9e:eb:6e:58:60:00:58:d3:3f:5a:
         ad:77:96:58
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZh0h1W1cFt9XwThAslzEKnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjUwODA0MTAwMTIzWhcNMjUwODA1MTAwMTIzWjAzMTEwLwYDVQQD
EyhjY2E1MGM5YjdkNmZhYjkyMDc5NWI3MjM1NmRhNTI0MTU4MTA5ZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GO3wFoJSAjENLBtGot3fySTdteF
lpTs+hgUp1UaIAvD4npbI+4UBkLdst305DbMRYpoztR5oz4vCIJUdjbgmIxLMKJi
ozBO+ln8iCvsDfxTlnGMsMhZbINHNAG+o0zWuruKofvJMsQw4sOU96RMuMDM2V9x
F1YybasA6eRdtIA2QNghvkNioWyWeuPMXAMCRgT+e00+nERqzp439UqcOze9W0mL
YSbRjeNC0OSflONU0DUMnyW1itNh1PnT5bm4TFuJfwT4v8x6adlj00P9Qw90XTaI
50rP3XMThPwagp6pPE1z7Kmz02pS2sjo5kKAbYqwYhuB5FEcmbhu/ihBcQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMylDJt9b6uSB5W3I1baUkFYEJ4WMB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAroB6b/Ak
XCgANhbmLOuhHmxo7UGnqRv5k/QsXBl7PAQfBt9qA4hfAlU00aAFvAOIbtXYhj+U
XorYJ0+0EqueQaM36guP9fk2VpdtUUbIOyXR24Hb0uGYeTNnV3kdn5GICya0e+Pb
n87KXin893F0+DB4UVX1DhS45/g4fgEvSGn9EVO4UbrlgxxT8r9ZpA3lv1l7rMC/
fCpJW9iA4GuXV5I/4xiyY3wJinUHeSopMMKoE3kQ7MYowaaiBrX3kRe/6G2DmeeG
lk+Zrkge5m+X0sWjiF/WeIC6E5MDKaE1rOiYNMyCIfXDlj1OYGFwTkfJjtue625Y
YABY0z9arXeWWA==
-----END CERTIFICATE-----
Generated at Mon Aug 4 18:18:08 2025 by rpki-client